Jump to content


Photo

False Positive (preg.exe)


  • Please log in to reply
4 replies to this topic

#1 tsmith35

tsmith35

    New Member

  • Members
  • Pip
  • 2 posts

Posted 18 January 2011 - 06:39 AM

The file preg.exe is provided as part of the SourceBoost embedded programming IDE. It is falsely detected as Backdoor.Win32.Bifrose by Ikarus. This file is a required part of the SourceBoost system (it is used to enter PURCHASED license information) and is available as part of the download.


Avira has already removed the false detection.

Password of attached zip file is "ikarus"

****File and links removed by moderator****

As Lynx pointed out, links and suspect files should *not* be posted publicly. There is always a chance that they may have been compromised. As Stapp says, thanks for bringing this to the team's attention.

#2 Lynx

Lynx

    Forum Veteran

  • Members
  • PipPipPipPipPip
  • 2546 posts
  • LocationAustralia

Posted 18 January 2011 - 07:32 AM

Hi tsmith35, welcome to the forum

Please do not ever post neither the links to the downloads in question nor the files

If you want to find out whether the flagged item is an FP submit the entry as described in Submitting suspected False Positives for analysis

Thanks for supplying the password , but the password should be "fp" as in #3 of the referred thread and the archive should not be attached to the post of the public forum

My regards

XP Pro, SP3 (32-bit); EAM v8.1.0.40 (beta) ; Firewall: Comodo 3.14 FW only ("Defense+" HIPS)
Win 7 Home Premium x64, SP1; EAM v8.1.0.40 (beta); Firewall: Comodo as above

Win 7 Ultimate, SP1 (32-bit) testing EIS 9 beta


#3 stapp

stapp

    Sheep Expert

  • Global Moderator
  • 1741 posts
  • LocationYorkshire UK

Posted 18 January 2011 - 07:48 AM

Hi tsmith35 :)

As Lynx pointed out there is a way of reporting false positives.

However you weren't aware of this perhaps.

Thanks very much anyway for going to the trouble of reporting it as it helps other users and Emsisoft.

Using Win XP 32bit, Win 7 64bit, Win 8.1 64bit.


#4 tsmith35

tsmith35

    New Member

  • Members
  • Pip
  • 2 posts

Posted 19 January 2011 - 10:15 PM

Hi tsmith35 :)

As Lynx pointed out there is a way of reporting false positives.

However you weren't aware of this perhaps.

Thanks very much anyway for going to the trouble of reporting it as it helps other users and Emsisoft.

Thanks for clearing that up. I thought the forum was the proper way to submit the file, but I will use the method you recommended for any future reports. :)

#5 Lynx

Lynx

    Forum Veteran

  • Members
  • PipPipPipPipPip
  • 2546 posts
  • LocationAustralia

Posted 20 January 2011 - 11:16 AM

Hi tsmith35,

I submitted the file yesterday late evening and quarantined it
After the latest update few min. ago the file was automatically re-scanned and restored from quarantine, so the FP was confirmed and fixed quite quickly

My regards

XP Pro, SP3 (32-bit); EAM v8.1.0.40 (beta) ; Firewall: Comodo 3.14 FW only ("Defense+" HIPS)
Win 7 Home Premium x64, SP1; EAM v8.1.0.40 (beta); Firewall: Comodo as above

Win 7 Ultimate, SP1 (32-bit) testing EIS 9 beta





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users